package jdbc;

import java.sql.*;
import java.util.Scanner;

/**
 *API详解:PreparedStatement
 */
public class JDBCDemo_PreparedStatement_Demo3 {
    public static void main(String[] args) throws SQLException, InterruptedException {
        //接收用户输入的账号密码
        System.out.println("请你输入账号");
        String nmber=new Scanner(System.in).next();
        System.out.println("请你输入密码");
        String mima=new Scanner(System.in).next();
        //1.获取连接:如果连接的是本机mysql并且端口默认是3306,可以简化书写,&useServerPrepStmts=true预编译功能开启
        Connection connection = DriverManager.getConnection("jdbc:mysql://127.0.0.1:3306/学生库&useServerPrepStmts=true", "root", "mysql");
        /*2.创建sql语句
        使用createStatement的sql默认格式"select * from pwd where accountnumber='"+nmber+"' and password='"+mima+"'";
        使用prepareStatement的sql默认格式*/
        String sql="select * from pwd where accountnumber=? and password=?";
        //3.使用.PreparedStatement创建执行sql对象,防止sql注入
        PreparedStatement preparedStatement = connection.prepareStatement(sql);
        //4.设置通配符?的值
        preparedStatement.setString(1,nmber);
        preparedStatement.setString(2,mima);
        //5.执行.PreparedStatement后,执行的executeQuery/executeUpdate就不用再次填入参数
        ResultSet resultSet = preparedStatement.executeQuery();
        if (resultSet.next()){
            System.out.println("登录成功");
        }else {
            System.out.println("登录失败");
        }
        //6.释放资源
        resultSet.close();
        preparedStatement.close();
        connection.close();
    }
}
